We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.

Cookie Policy

A cookie is a small file which asks permission to be placed on your computers hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

The shift from server to service-based thinking is radically transforming the way technology departments think about providing their services. These advances have created new opportunities for managing costs, increasing flexibility and enabling greater mobility of the workforce. However new risks arise from trusting a third party with your information.

Control The Risks

Not every cloud has a silver lining. Among the most significant security risks associated with cloud computing is the tendency to bypass IT departments and accepted processes for keeping data secure.

Cloud Security Principle 3: Separation between usersA malicious or compromised user of the service should not be able to affect the service or data of another.Cloud Security Principle 4: Governance frameworkThe service provider should have a security governance framework which coordinates and directs its management of the service and information within it. Any technical controls deployed outside of this framework will be fundamentally undermined.Cloud Security Principle 5: Operational securityThe service needs to be operated and managed securely in order to impede, detect or prevent attacks. Good operational security should not require complex, bureaucratic, time consuming or expensive processes. Cloud Security Principle 6: Personnel securityWhere service provider personnel have access to your data and systems you need a high degree of confidence in their trustworthiness. Thorough screening, supported by adequate training, reduces the likelihood of accidental or malicious compromise by service provider personnel.Cloud Security Principle 7: Secure developmentServices should be designed and developed to identify and mitigate threats to their security. Those which aren’t may be vulnerable to security issues which could compromise your data, cause loss of service or enable other malicious activity.Cloud Security Principle 8: Supply chain securityThe service provider should ensure that its supply chain satisfactorily supports all of the security principles which the service claims to implement.Cloud Security Principle 9: Secure user managementYour provider should make the tools available for you to securely manage your use of their service. Management interfaces and procedures are a vital part of the security barrier, preventing unauthorised access and alteration of your resources, applications and data.Cloud Security Principle 10: Identity and authenticationAll access to service interfaces should be constrained to authenticated and authorised individuals.Cloud Security Principle 11: External interface protectionAll external or less trusted interfaces of the service should be identified and appropriately defended.Cloud Security Principle 12: Secure service administrationSystems used for administration of a cloud service will have highly privileged access to that service. Their compromise would have significant impact, including the means to bypass security controls and steal or manipulate large volumes of data.Cloud Security Principle 13: Audit information for usersYou should be provided with the audit records needed to monitor access to your service and the data held within it. The type of audit information available to you will have a direct impact on your ability to detect and respond to inappropriate or malicious activity within reasonable timescales.Cloud Security Principle 14: Secure use of the serviceThe security of cloud services and the data held within them can be undermined if you use the service poorly. Consequently, you will have certain responsibilities when using the service in order for your data to be adequately protected.

In the absence of standards and controls such as ISO 27001, CSA Cloud Controls or the 14 Cloud Security Principles being implemented businesses are vulnerable to security breaches that can quickly erase any gains made by the switch to cloud applications.

How We Can Help

“

The shift from server to service-based thinking is radically transforming the way technology departments think about providing their services.

”

Stratia have a wealth of experience in advising clients on which cloud solution is suitable and which service will provide the best security solution, we can advise on the following areas:

Stratia consultants are ISO 27001 lead implementers and assessors for the HMG Cyber Essentials Scheme which can include technical auditing of controls using a wide range of tools and techniques.

We have provided assurance for Her Majesty’s Government (HMG) concerning cloud solutions and advised on the deployment of HMG online services to the cloud.

Thus, we are able to use this experience to provide an all-round consultancy service to help determine the best solution for companies in the process of migrating their operational capabilities to the cloud.

Contact Us

Contact us using our contact form or by using the contact details below.